But what about IIS 6?

We can't all be on the latest and greatest. As far as I know, we don't have Request Filtering in IIS 6, nor can we use the official IIS URL Rewrite Module (available for free via the Web Platform Installer if you are running IIS 7).

While this is less than ideal, it's not hard to take those problematic requests and ignore them through an Elmah Error Filter.

First we need to use the Open Source URL Rewriter for .NET to return a 403 Forbidden result for those requests. In my case, 99% of those requests are looking for various PHP applications that probably have vulnerabilities in older versions. So I'm going to forbid any PHP files right off the bat by adding this to my Web.Config:

In my case, I'm dealing with a simple public website that doesn't incorporate any authentication or authorization, so I never actually use the 403 Forbidden status code. There may be a more elegant way to do this. But this works.
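
The two pieces described above, sketched together as an added example (this is not the author's original configuration): a UrlRewriter.NET rule that answers `.php` requests with 403, and an ELMAH error filter that drops 403s from the log. The URL pattern and the module names in `httpModules` are assumptions; the section handler and module types assume the stock `Intelligencia.UrlRewriter` and `Elmah` assemblies.

```xml
<configuration>
  <configSections>
    <!-- Registers the <rewriter> section for UrlRewriter.NET -->
    <section name="rewriter" requirePermission="false"
             type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter" />
    <!-- Registers the <elmah><errorFilter> section -->
    <sectionGroup name="elmah">
      <section name="errorFilter" requirePermission="false"
               type="Elmah.ErrorFilterSectionHandler, Elmah" />
    </sectionGroup>
  </configSections>

  <system.web>
    <httpModules>
      <add name="UrlRewriter"
           type="Intelligencia.UrlRewriter.RewriterHttpModule, Intelligencia.UrlRewriter" />
      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
      <!-- Without ErrorFilterModule the <errorFilter> section is ignored -->
      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
    </httpModules>
  </system.web>

  <rewriter>
    <!-- Assumed pattern: any path ending in .php, with or without a query string -->
    <if url="^.*\.php(\?.*)?$">
      <forbidden />
    </if>
  </rewriter>

  <elmah>
    <errorFilter>
      <!-- Dismiss every error whose HTTP status is 403 before it is logged -->
      <test>
        <equal binding="HttpStatusCode" value="403" type="Int32" />
      </test>
    </errorFilter>
  </elmah>
</configuration>
```

The filter matches on status code alone, so it is only appropriate where, as here, the site issues no other 403 responses that should be logged.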